scp not tolerant of extraneous shell messages
Markus Friedl
markus at openbsd.org
Thu Jul 4 01:05:10 EST 2002
On Tue, Jul 02, 2002 at 10:33:22AM -0700, Dan Kaminsky wrote:
> >
> >
> >After saying that. I still agree that the user's shell needs to be ran.
> >=) Because it's the correct way for UNIX to handle things.
> >
> >
> OK, so I modify my .profile to execute arbitrary commands. Look mah,
> every time I access a file on a machine, it's "implied" that I have the
> right to execute stuff on it too.
well, if you have a restricted account, then you cannot edit .profile.
if you don't want to have .profile like features available for
users, don't give them a powerful shell.
you could also set the loginshell to sftp-server for example.
More information about the openssh-unix-dev
mailing list